Close

How to disable wp xmlrpc.php for security issu

Add the following to your htaccess file (if using cPanel) or Apache
<*Files xmlrpc.php>
order deny,allow
deny from all
<*/Files>
note: remove * from the com
or
if you are using nginx then add the following to the vhost config
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}

svg1180

2 Comments

  • abdullahsk

    August 28, 2019 at 7:17 am

    U can delete the file from the root directory of WordPress files
    Or use htaccess
    Deny xmlrpc php

  • abdullahsk

    August 28, 2019 at 7:18 am

    if you delete the file then a request is still being made causing a 404 error hence overloading. Best to just block access entirely.